Computational lambda-calculus and monads 



Eugenio Moggi* 
LFCS 
Dept. of Comp. Sci. 
University of Edinburgh 
EH9 3JZ Edinburgh, UK 
em@lfcs.ed.ac.uk 

October 1988 

Abstract 

The λ-calculus is considered a useful mathematical tool in the study 
of programming languages, since programs can be identified with λ-terms. 
However, if one goes further and uses βη-conversion to prove equivalence 
of programs, then a gross simplification[1] is introduced, that may jeopardise 
the applicability of theoretical results to real situations. In this paper we 
introduce a new calculus based on a categorical semantics for computations. 
This calculus provides a correct basis for proving equivalence of programs, 
independent from any specific computational model. 

1 Introduction 

This paper is about logics for reasoning about programs, in particular for proving 
equivalence of programs. Following a consolidated tradition in theoretical computer 
science we identify programs with the closed λ-terms, possibly containing extra 
constants, corresponding to some features of the programming language under 
consideration. There are three approaches to proving equivalence of programs: 

• The operational approach starts from an operational semantics, e.g. a partial 
function mapping every program (i.e. closed term) to its resulting value (if 
any), which induces a congruence relation on open terms called operational 
equivalence (see e.g. [Plo75]). Then the problem is to prove that two terms 
are operationally equivalent. 

* On leave from Università di Pisa. Research partially supported by the Joint Collaboration 
Contract # ST2J-0374-C(EDB) of the EEC 

[1] programs are identified with total functions from values to values 

• The denotational approach gives an interpretation of the (programming) language 
in a mathematical structure, the intended model. Then the problem 
is to prove that two terms denote the same object in the intended model. 

• The logical approach gives a class of possible models for the (programming) 
language. Then the problem is to prove that two terms denote the same object 
in all possible models. 

The operational and denotational approaches give only a theory (the operational 
equivalence ≈ and the set Th of formulas valid in the intended model respectively), 
and they (especially the operational approach) deal with programming languages 
on a rather case-by-case basis. 

On the other hand, the logical approach gives a logical consequence relation ⊢ 
(Ax ⊢ A iff the formula A is true in all models of the set of formulas Ax), which 
can deal with different programming languages (e.g. functional, imperative, non-
deterministic) in a rather uniform way, by simply changing the set of axioms Ax, 
and possibly extending the language with new constants. Moreover, the relation ⊢ 
is often semidecidable, so it is possible to give a sound and complete formal system 
for it, while Th and ≈ are semidecidable only in oversimplified cases. 

We do not take as a starting point for proving equivalence of programs the 
theory of βη-conversion, which identifies the denotation of a program (procedure) 
of type A → B with a total function from A to B, since this identification wipes out 
completely behaviours like non-termination, non-determinism or side-effects, that 
can be exhibited by real programs. Instead, we proceed as follows: 

1. We take category theory as a general theory of functions and develop on top a 
categorical semantics of computations based on monads (this is my main 
contribution). 

2. We show that w.l.o.g. one may consider only monads over a topos (because of 
certain properties of the Yoneda embedding), and therefore one can use higher 
order intuitionistic logic. 

3. We investigate how datatypes, in particular products, relate to computations 
(previous work by category-theorists is particularly useful here). 

At the end we get a formal system, the computational lambda-calculus (λ_c-calculus 
for short), similar to PPλ (see [GMW79]) for proving equivalence and existence 
of programs, which is sound and complete w.r.t. the categorical semantics of 
computations. The methodology outlined above is inspired by [Sco80][2], in particular the 
view that "category theory comes, logically, before the λ-calculus" led us to consider 
a categorical semantics of computations first, rather than trying to hack directly on 
the rules of βη-conversion to get a correct calculus. 

[2] "I am trying to find out where λ-calculus should come from, and the fact that the notion of 
a cartesian closed category is a late developing one (Eilenberg & Kelly (1966)), is not relevant to 
the argument: I shall try to explain in my own words in the next section why we should look to it 
first". 
1.1 Related work 

The operational approach to find correct λ-calculi w.r.t. an operational equivalence 
was first considered in [Plo75] for call-by-value and call-by-name operational 
equivalence. This approach was later extended, following a similar methodology, to 
consider other features of computations like nondeterminism (see [Sha84]) and side-
effects (see [FFKD86, MT89]). 

The calculi based only on operational considerations, like the λ_v-calculus, are 
sound and complete w.r.t. the operational semantics, i.e. a program M has a value 
according to the operational semantics iff it is provably equivalent to a value (not 
necessarily the same) in the calculus, but they are too weak for proving equivalences 
of programs. 

The denotational approach may suggest important principles, e.g. fix-point 
induction (see [Sco93, GMW79]), that can be found only after developing a semantics 
based on mathematical structures rather than term models, but it does not give 
clear criteria to single out the general principles among the properties satisfied by 
the model. 

The approach adopted in this paper generalises the one followed in [Ros86, 
Mog86] to obtain the λ_p-calculus, i.e. the calculus for reasoning about partial 
computations (or equivalently, about partial functions). In fact, the λ_p-calculus (like 
the λ-calculus) amounts to a particular λ_c-theory. 

A type theoretic approach to partial functions and computations is attempted in 
[CS87, CS88] by introducing a new type constructor Ā, whose intuitive meaning is 
the set of computations of type A. However, Constable and Smith do not adequ
capture the general axioms for (partial) computations as we (and [Ros86]) do, since 
they lack a general notion of model and rely only on domain- and recursion-theoretic 
intuition. 

2 A categorical semantics of computations 

The basic idea behind the semantics of programs described below is that a program 
denotes a morphism from A (the object of values of type A) to TB (the object of 
computations of type B). There are many possible choices for TB corresponding 
to different notions of computations, for instance in the category of sets the set 
of partial computations (of type B) is the lifting B + {⊥} and the set of non-
deterministic computations is the powerset 𝒫(B). Rather than focus on specific 
notions of computations, we will try to identify the general properties that the 
object TB of computations must have. 

Definition 2.1 

A computational model is a monad (T, η, μ) over a category C, i.e. a functor 
T: C → C and two natural transformations η: Id_C → T and μ: T² → T s.t. 

[the commutative diagrams stating the monad laws are not reproduced in this scan] 

which satisfies also an extra equalizing requirement: η_A: A → TA is an equalizer 
of η_{TA} and T(η_A), i.e. for any f: B → TA s.t. f; η_{TA} = f; T(η_A) there exists a 
unique m: B → A s.t. f = m; η_A[3]. 

Remark 2.2 Intuitively η_A: A → TA gives the inclusion of values into computations, 
while μ_A: T²A → TA flattens a computation of a computation into a computation. 
However, it is the equalizing requirement which ensures that η_A is a (strong) 
mono rather than an arbitrary morphism. 

According to the view of "programs as functions from values to computations" the 
natural category for interpreting programs is not C, but the Kleisli category. 

Definition 2.3 (see [Mac71]) 

Given a monad (T, η, μ) over C, the Kleisli category C_T is the category s.t.: 

• the objects of C_T are those of C 

• the set C_T(A, B) of morphisms from A to B in C_T is C(A, TB) 

• the identity on A in C_T is η_A: A → TA 

• the composition of f ∈ C_T(A, B) and g ∈ C_T(B, C) in C_T is 
$A \xrightarrow{f} TB \xrightarrow{Tg} T^2C \xrightarrow{\mu_C} TC$, i.e. f; Tg; μ_C 



Remark 2.4 Our view of programs corresponds to call-by-value parameter passing, 
but there is an alternative view of "programs as functions from computations to 
computations" corresponding to call-by-name (see [Plo75] and Section 5). In any 
case, the fundamental issue is that there is a subset of the computations, the values, 
which has special properties and should not be forgotten. By taking call-by-value 
we can stress better the importance of values. Moreover, call-by-name can be more 
easily represented in call-by-value than the other way around. 

Before going into the details of the interpretation we consider some examples of 
computational models over the category of sets. 

Example 2.5 non-deterministic computations: 

[3] The other property for being an equalizer, namely η_A; η_{TA} = η_A; T(η_A), follows from the 
naturality of η 

• T(_) is the covariant powerset functor, i.e. 
T(A) = 𝒫(A) and T(f)(X) is the image of X along f 

• η_A is the singleton map a ↦ {a} 

• μ_A is the big union map X ↦ ∪X 

It is easy to check the equalizing requirement, in fact 

$\eta_{TA}: X \mapsto \{X\}$ and $T(\eta_A): X \mapsto \{\{x\} \mid x \in X\}$ 

therefore η_{TA}(X) = T(η_A)(X) iff X is a singleton. 
Example 2.6 computations with side-effects: 

• T(_) is the functor (S → (_ × S)), where S is a nonempty set of stores. 
Intuitively a computation takes a store and returns a value together with the 
modified store. 

• η_A is the map a ↦ (λs: S.(a, s)) 

• μ_A is the map f ↦ (λs: S.eval(f s)), i.e. μ_A(f) is the computation that given 
a store s, first computes the pair computation-store (f', s') = f s and then 
returns the pair value-store (a, s'') = f' s'. 

One can verify for oneself that other notions of computation (e.g. partial, 
probabilistic or non-deterministic with side-effects) fit in this general definition. 

2.1 A simple language and its interpretation 

The aim of this section is to focus on the crucial ideas of the interpretation, and the 
language has been oversimplified (for instance terms have exactly one free variable) 
in order to define its interpretation in any computational model without requiring 
any additional structure on it. However, richer languages, e.g. with product and 
functional types, will be considered in Section 3. The term language we introduce 
is parametric in a signature (i.e. a set of base types and unary function symbols), 
therefore its interpretation in a computational model (T, η, μ) over a category C is 
parametric in an interpretation of the symbols in the signature. 

• Given an interpretation [[A]] for any base type A, i.e. an object of the Kleisli 
category C_T, then the interpretation of a type τ ::= A | Tτ is an object [[τ]] 
of C_T defined in the obvious way, namely [[Tτ]] = T[[τ]]. 

• Given an interpretation [[f]] for any unary function symbol f of arity τ1 → τ2, 
i.e. a morphism from [[τ1]] to [[τ2]] in C_T, then the interpretation of a well-formed 
term x: τ ⊢ e: τ' is a morphism [[x: τ ⊢ e: τ']] from [[τ]] to [[τ']] in C_T defined by 
induction on the derivation of x: τ ⊢ e: τ' (see Table 1). 

• On top of the term language we consider two atomic predicates: equivalence 
and existence (see Table 2). 
RULE        | SYNTAX                            | SEMANTICS
var         | x: τ ⊢ x: τ                       | = η_[[τ]]
let         | x: τ ⊢ e1: τ1                     | = g1
            | x1: τ1 ⊢ e2: τ2                   | = g2
            | x: τ ⊢ (let x1=e1 in e2): τ2      | = g1; Tg2; μ_[[τ2]], i.e. g1; g2 in the Kleisli category
f: τ1 → τ2  | x: τ ⊢ e1: τ1                     | = g1
            | x: τ ⊢ f(e1): τ2                  | (semantics not legible in the scan)
[_]         | x: τ ⊢ e: τ'                      | = g
            | x: τ ⊢ [e]: Tτ'                   | = g; η_{T[[τ']]}
μ           | x: τ ⊢ e: Tτ'                     | = g
            | x: τ ⊢ μ(e): τ'                   | = g; μ_[[τ']]

Table 1: Terms and their interpretation 



RULE | SYNTAX                      | SEMANTICS
eq   | x: τ1 ⊢ e1: τ2              | = g1
     | x: τ1 ⊢ e2: τ2              | = g2
     | x: τ1 ⊢ e1 = e2: τ2         | g1 = g2
ex   | x: τ1 ⊢ e: τ2               | = g
     | x: τ1 ⊢ e ↓ τ2              | g factors through η_[[τ2]], i.e. there exists (unique) h s.t. g = h; η_[[τ2]]

Table 2: Atomic assertions and their interpretation 
Remark 2.7 The let-constructor is very important semantically, since it corresponds 
to composition in the Kleisli category C_T, while substitution (of a variable with an 
expression denoting a value) corresponds to composition in C. 

In the λ-calculus (let x=e in e') is usually treated as syntactic sugar for (λx.e')e, 
and this can be done also in the λ_c-calculus (because of (β) in Table 8). However, we 
think that this is not the right way to proceed, because it amounts to understanding 
the let-constructor, which makes sense in any computational model, in terms of 
constructors that make sense only in λ_c-models. On the other hand, (let x=e in e') 
cannot be reduced to the more basic substitution (i.e. e'[x:= e]) without collapsing 
C_T to C. 

Remark 2.8 The existence of e does not simply mean that the computation denoted 
by e terminates (as, say, in the logic of partial terms), but something stronger, 
namely that e denotes a value. For instance: 

• a non-deterministic computation exists iff it gives exactly one result; 

• a computation with side-effects exists iff it does not change the store. 

According to the paradigm of Categorical Logic, formulas should be interpreted by 
subobjects. This can be achieved by interpreting the binary predicate _ = _: τ, i.e. 
equality of computations of type τ, by the diagonal Δ_[[τ]] and the unary predicate 
_ ↓ τ, i.e. existence of computations of type τ, by η_[[τ]], which is a mono because of 
the equalizing requirement. 
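As an added worked example (not part of Moggi's paper), the two computational models of Examples 2.5 and 2.6 written as Python functions, together with Kleisli composition from Definition 2.3, a check of the monad laws on constructed sample data, and the existence predicate of Remark 2.8 tested through the equalizing requirement of Definition 2.1. The representation of a monad as a triple of callables, the use of frozensets for 𝒫(A), integer stores for S and the sample computations are all assumptions of this example.

```python
# Added example (not from Moggi's paper): the two computational models of
# Examples 2.5 and 2.6 as Python functions, their Kleisli composition
# (Definition 2.3), a check of the monad laws on sample data, and the
# "existence" predicate of Remark 2.8 via the equalizing requirement.
# Assumptions: a monad is a triple of callables (fmap, eta, mu); sets are
# frozensets; stores are ints; all sample values are constructed here.
from itertools import chain

# ---- Example 2.5: non-deterministic computations (covariant powerset) ----
def P_fmap(f):
    return lambda X: frozenset(f(x) for x in X)      # image of X along f

def P_eta(a):
    return frozenset([a])                            # singleton map

def P_mu(XX):
    return frozenset(chain.from_iterable(XX))        # big union

# ---- Example 2.6: computations with side-effects, T(A) = S -> (A x S) ----
def S_fmap(f):
    def mapped(c):
        def run(s):
            a, s1 = c(s)
            return (f(a), s1)                        # value mapped, store kept
        return run
    return mapped

def S_eta(a):
    return lambda s: (a, s)                          # a |-> (lambda s. (a, s))

def S_mu(ff):
    def run(s):
        f1, s1 = ff(s)                               # (f', s') = ff s
        return f1(s1)                                # then (a, s'') = f' s'
    return run

def kleisli(fmap, mu, f, g):
    """f ; T g ; mu_C, i.e. composition of f and g in the Kleisli category."""
    return lambda a: mu(fmap(g)(f(a)))

# ---- existence (Remark 2.8): the computation factors through eta_A ----
def exists_nondet(X):
    # equalizer test: eta_TA(X) == T(eta_A)(X), true iff X is a singleton
    return P_eta(X) == P_fmap(P_eta)(X)

def exists_state(c, stores):
    # c = m; eta_A means c(s) == (m, s) for one fixed m and every store s
    values = set()
    for s in stores:
        a, s1 = c(s)
        if s1 != s:                                  # store modified: not a value
            return False
        values.add(a)
    return len(values) == 1                          # same value for every store

def monad_laws_hold():
    # powerset laws on a sample T-element X and a sample T^3-element XXX
    X = frozenset({1, 2, 3})
    XXX = frozenset({frozenset({frozenset({1}), frozenset({2, 3})}),
                     frozenset({frozenset()})})
    ok = (P_mu(P_eta(X)) == X and P_mu(P_fmap(P_eta)(X)) == X
          and P_mu(P_mu(XXX)) == P_mu(P_fmap(P_mu)(XXX)))
    # side-effect laws, checked pointwise on a few stores
    c = lambda s: (s + 1, s + 1)                         # a sample computation
    ccc = lambda s: ((lambda s1: (c, s1 + 1)), s + 2)    # a sample T^3-element
    for s in range(5):
        ok = ok and S_mu(S_eta(c))(s) == c(s)
        ok = ok and S_mu(S_fmap(S_eta)(c))(s) == c(s)
        ok = ok and S_mu(S_mu(ccc))(s) == S_mu(S_fmap(S_mu)(ccc))(s)
    return ok

def nondet_examples():
    choose = lambda n: frozenset({n, -n})            # a program with two results
    halve = lambda n: frozenset({n // 2}) if n % 2 == 0 else frozenset()
    composite = kleisli(P_fmap, P_mu, choose, halve) # choose ; T halve ; mu
    return {
        "composite_4": composite(4),                 # {2, -2}
        "composite_3": composite(3),                 # no result at all
        "exists_singleton": exists_nondet(frozenset({7})),
        "exists_two": exists_nondet(frozenset({1, 2})),
        "exists_empty": exists_nondet(frozenset()),
    }

def state_examples():
    tick = lambda a: (lambda s: (a + s, s + 1))      # reads and bumps the store
    twice = kleisli(S_fmap, S_mu, tick, tick)
    stores = range(5)
    return {
        "twice_0_at_10": twice(0)(10),               # (21, 12)
        "exists_value": exists_state(S_eta(3), stores),
        "exists_tick": exists_state(tick(3), stores),
    }
```

The existence tests make the remark concrete: the empty set of results and a two-element set both fail the equalizer test, so only a computation with exactly one result is a value, and a store-modifying computation cannot be of the form λs.(a, s).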

2.2 Embedding of a computational model in a topos 

We show that any computational model (T, η, μ) over a small category C can be lifted 
to a computational model $(\hat{T}, \hat{\eta}, \hat{\mu})$ over the topos Ĉ of presheaves (i.e. the functor 
category Set^{C^op}), and that such a lifting commutes with the Yoneda embedding Y 
of C into Ĉ, i.e. 

$\hat{T}(Y\_) = Y(T\_)$ , $\hat{\eta}_{Y\_} = Y(\eta_{\_})$ , $\hat{\mu}_{Y\_} = Y(\mu_{\_})$ 

As pointed out in [Sco80] such an embedding enables us to switch from the 
equational (and rather inexpressive) calculus of an arbitrary computational model to the 
intuitionistic higher-order logic of (a computational model over) a topos. 

The monad $(\hat{T}, \hat{\eta}, \hat{\mu})$ is defined by using the Yoneda embedding Y: C → Ĉ and 
Lan_Y, i.e. the left adjoint to Y;_ : Ĉ^Ĉ → Ĉ^C, mapping any F: C → Ĉ to its left Kan 
extension[4] along Y (see [Mac71]), namely: 

$\hat{T} = \mathrm{Lan}(T;Y)$ , $\hat{\eta} = \mathrm{Lan}(\eta;Y)$ , $\hat{\mu} = \mathrm{Lan}(\mu;Y)$ 

The commutativity with the Yoneda embedding (stated above) and the fact that Y 
induces a full and faithful embedding Ŷ of C_T into Ĉ_T̂ follow from some well-known 
properties of Y and Lan_Y, summarised in the following lemma: 

Lemma 2.9 If C is a small category, then Y: C → Ĉ and Lan_Y: Ĉ^C → Ĉ^Ĉ are full and 
faithful. Moreover Y; Lan_Y F = F for every F: C → Ĉ. 

[4] the left adjoint Lan_Y exists because Set is small cocomplete 
3 Extending the language 

In this section we discuss how to interpret terms with any finite number of variables 
(instead of exactly one as in Table 1) and how datatypes relate to computations. We 
will consider only product and functional types, because sum types are completely 
straightforward[5]. This will allow a comparison with cartesian closed categories (ccc) 
and partial cartesian closed categories (pccc). 

The standard requirement on a category for interpreting terms with any finite 
number of variables is that it must have finite products, so that the interpretation [[f]] 
of a function symbol f of arity τ⃗ → τ is a morphism from [[τ⃗]] (i.e. [[τ1]] × ... × [[τn]]) 
to [[τ]] and similarly the interpretation of a well-formed term x1: τ1, ..., xn: τn ⊢ e: τ 
is a morphism from [[τ⃗]] to [[τ]]. 

According to the view of "programs as functions from values to computations", 
products should be taken in C, since a value of type A × B is a pair of values one of 
type A and the other of type B, even though the natural category for interpreting 
programs is C_T. However, products are not enough to extend the interpretation to 
terms with more than one free variable, because we must be able to take a pair 
value-computation or computation-computation and turn it into a computation of 
a pair. 

Example 3.1 Let g2: τ1 → Tτ2 and g: τ1 × τ2 → Tτ be the interpretations of 
x1: τ1 ⊢ e2: τ2 and x1: τ1, x2: τ2 ⊢ e: τ respectively. The problem with terms having 
more than one free variable (and its solution) becomes apparent if we try to interpret 
x1: τ1 ⊢ (let x2=e2 in e): τ, when both x1 and x2 are free in e. 

If T were Id_C, then [[x1: τ1 ⊢ (let x2=e2 in e): τ]] would be ⟨id_{τ1}, g2⟩; g. In the 
general case, Table 1 says that _;_ above is indeed composition in the Kleisli category, 
therefore ⟨id_{τ1}, g2⟩; g becomes ⟨id_{τ1}, g2⟩; Tg; μ_τ. But in ⟨id_{τ1}, g2⟩; Tg; μ_τ there is a 
type mismatch, since the codomain of ⟨id_{τ1}, g2⟩ is τ1 × Tτ2, while the domain of 
Tg is T(τ1 × τ2). To get around this we require T to have a tensorial strength 
t_{A,B}: A × TB → T(A × B) (see below), so that x1: τ1 ⊢ (let x2=e2 in e): τ will be 
interpreted by ⟨id_{τ1}, g2⟩; t_{τ1,τ2}; Tg; μ_τ. 

Similarly for interpreting x: τ ⊢ f(e1, e2): τ', we need a natural transformation 
ψ_{A,B}: (TA × TB) → T(A × B) (see Definition 3.4), which given a pair of programs 
returns a program computing a pair. More precisely, let g_i: τ → Tτ_i be the 
interpretation of x: τ ⊢ e_i: τ_i, then [[x: τ ⊢ f(e1, e2): τ']] is ⟨g1, g2⟩; ψ_{τ1,τ2}; T[[f]]; μ_{τ'}. 

Definition 3.2 Let C be a category with finite products, and r_A, α_{A,B,C} and c_{A,B} be 
the natural isomorphisms: 

$(1 \times A) \cong A$ , $(A \times B) \times C \cong A \times (B \times C)$ , $(A \times B) \cong (B \times A)$ 

A computational cartesian model over C is a computational model (T, η, μ) over 
C together with a tensorial strength t_{A,B}: (A × TB) → T(A × B) of T, i.e. a natural 
transformation s.t. (stated as commutative diagrams in the original) 

$r_{TA} = t_{1,A}; T(r_A)$ 

$t_{A \times B, C}; T(\alpha_{A,B,C}) = \alpha_{A,B,TC}; (\mathrm{id}_A \times t_{B,C}); t_{A, B \times C}$ 

and satisfying also the following two equations (again commutative diagrams in the original): 

$(\mathrm{id}_A \times \eta_B); t_{A,B} = \eta_{A \times B}$ 

$(\mathrm{id}_A \times \mu_B); t_{A,B} = t_{A,TB}; T(t_{A,B}); \mu_{A \times B}$ 

[5] coproducts are preserved by the inclusion of C into the Kleisli category C_T 



Remark 3.3 In general the tensorial strength t has to be given as an extra parameter 
for models. However, t is uniquely determined (but it may not exist) by T and 
the cartesian structure on C, when C has enough points, i.e. if f, g: A → B, then 
f = g ⟺ (∀h: 1 → A. h; f = h; g). 

The diagrams above are not new, they are all in [Koc70b], where a one-one 
correspondence is established between functorial and tensorial strengths[6]: 

• the first two diagrams, saying that t is a tensorial strength of T, are (1.7) and 
(1.8) in [Koc70b]. By Theorem 1.3 in [Koc70b] t induces a functorial strength 
of T making T a C-enriched (also called strong) functor. 

• the last two diagrams say that η and μ are natural transformations between 
suitable C-enriched functors, namely η: Id_C → T and μ: T² → T (see 
Remark 1.5 in [Koc70b]). 

[6] If V is a monoidal closed category, then a functorial strength of an endofunctor T on V 
is a natural transformation st_{A,B}: B^A → TB^{TA} making T a V-enriched functor. Intuitively st 
internalizes the action of T on morphisms. 
Definition 3.4 The tensorial strength t induces a monoidal structure, i.e. a 
natural transformation ψ_{A,B}: (TA × TB) → T(A × B) and a map ψ_1: 1 → T1 

$\psi_{A,B} = c_{TA,TB}; t_{TB,A}; T(c_{TB,A}; t_{A,B}); \mu_{A \times B}$ , $\psi_1 = \eta_1$ 

satisfying certain diagrams (see [EK66]). 

The morphism ψ_{A,B}: (TA × TB) → T(A × B) has the correct domain and codomain 
to interpret the pairing of a computation of type A with one of type B (obtained 
by first evaluating the first argument and then the second), while the morphism 
ψ_1 interprets the computation of () (the empty tuple). There is also a dual notion 
of pairing, namely $\tilde{\psi}_{A,B} = c_{A,B}; \psi_{B,A}; T(c_{B,A})$, which amounts to first evaluating the 
second argument and then the first (see (2.1) and (2.2) at page 14 in [Koc70b]). 
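As an added example (not from the paper), the tensorial strength of Definition 3.2 and the pairing ψ of Definition 3.4 (with its dual) on the exception model of Example 3.6 taken over the identity monad, so that T(A) = A + E. The four strength equations are checked on constructed inputs, and ψ and its dual are shown to return different exceptions when both arguments fail, which is exactly the left-to-right versus right-to-left evaluation order described above. The tagged-pair encoding of A + E, the empty tuple as the terminal object and the sample values are assumptions of this example.

```python
# Added example (not from the paper): the tensorial strength t of
# Definition 3.2 and the monoidal structure psi (and its dual) of
# Definition 3.4, instantiated on the exception model T(A) = A + E of
# Example 3.6 taken over the identity monad. Assumptions: A + E is a tagged
# pair ("ok", a) or ("err", e), products are Python tuples, the terminal
# object 1 is the empty tuple (); all sample data is constructed here.

def ok(a):
    return ("ok", a)

def err(e):
    return ("err", e)

def fmap(f):
    return lambda x: ok(f(x[1])) if x[0] == "ok" else x

def eta(a):
    return ok(a)

def mu(xx):
    # T([id, in2; eta]); mu for T = Id: an inner exception propagates as is
    return xx[1] if xx[0] == "ok" else xx

def strength(pair):
    # t_{A,B}: A x TB -> T(A x B); an exception in the second component wins
    a, tb = pair
    return ok((a, tb[1])) if tb[0] == "ok" else tb

def swap(pair):
    # c_{A,B}: A x B -> B x A
    return (pair[1], pair[0])

def assoc(p):
    # alpha_{A,B,C}: (A x B) x C -> A x (B x C)
    return (p[0][0], (p[0][1], p[1]))

def compose(*fs):
    # diagrammatic composition f1; f2; ...; fn
    def run(x):
        for f in fs:
            x = f(x)
        return x
    return run

def psi(pair):
    # psi_{A,B} = c_{TA,TB}; t_{TB,A}; T(c_{TB,A}; t_{A,B}); mu_{AxB}
    return compose(swap, strength, fmap(compose(swap, strength)), mu)(pair)

def psi_dual(pair):
    # evaluates the second argument first: c; psi_{B,A}; T(c)
    return compose(swap, psi, fmap(swap))(pair)

def strength_laws_hold():
    """Checks the four equations of Definition 3.2 on sample inputs."""
    good = True
    for tb in [ok(2), err("e")]:
        # r_{TA} = t_{1,A}; T(r_A)   (r_A: 1 x A -> A is the second projection)
        good &= compose(strength, fmap(lambda p: p[1]))(((), tb)) == tb
        # (id_A x eta_B); t_{A,B} = eta_{A x B}
        good &= strength((1, eta(2))) == eta((1, 2))
        # t_{AxB,C}; T(alpha) = alpha; (id_A x t_{B,C}); t_{A,BxC}
        left = compose(strength, fmap(assoc))(((1, "b"), tb))
        right = compose(assoc, lambda p: (p[0], strength(p[1])), strength)(((1, "b"), tb))
        good &= left == right
        for ttb in [ok(tb), err("outer")]:
            # (id_A x mu_B); t_{A,B} = t_{A,TB}; T(t_{A,B}); mu_{A x B}
            left = strength((1, mu(ttb)))
            right = compose(strength, fmap(strength), mu)((1, ttb))
            good &= left == right
    return bool(good)

def pairing_examples():
    both_ok = (ok(1), ok(2))
    both_fail = (err("first"), err("second"))
    return {
        "psi_ok": psi(both_ok),                 # ok((1, 2))
        "psi_fail": psi(both_fail),             # err("first"): first argument evaluated first
        "psi_dual_fail": psi_dual(both_fail),   # err("second")
        "psi_unit": eta(()),                    # psi_1 = eta_1
    }
```

When both components raise, ψ reports the first argument's exception and the dual pairing reports the second's; this is the observable difference between the two evaluation orders, and it is why the choice of ψ (rather than its dual) is part of the interpretation of pairs.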

The categorical interpretation of functional types in a computational model 
resembles that of partial function spaces in a pccc (see [Ros86, Mog86]): 

Definition 3.5 Let C be a category with finite products. A λ_c-model over C is a 
computational cartesian model (T, η, μ, t) over C together with a family of universal 
arrows eval_{A,B}: (B^A_T × A) → TB (in C) s.t. for any f: (C × A) → TB there exists a 
unique h: C → B^A_T (denoted by Λ(f)) making the following diagram commute 

[diagram with vertex C × A not reproduced in the scan] 

A more suggestive way of saying the same thing is that there is a natural isomorphism 
C_T(C × A, B) ≅ C(C, B^A_T), where A, B and C vary over C^op, C_T and C respectively. 

The simple language introduced in Section 2.1 and its interpretation can be 
extended according to the additional structure available in a cartesian computational 
model (T, η, μ, t) on a category C with finite products: 

• there is a new type 1, interpreted by the terminal object of C, and a new type 
constructor τ1 × τ2 interpreted by the product of [[τ1]] and [[τ2]] in C 

• the interpretation of a well-formed term Γ ⊢ e: τ, where Γ is a sequence 
x1: τ1, ..., xn: τn, is a morphism from [[Γ]] (i.e. [[τ1]] × ... × [[τn]]) to [[τ]] in C_T 
(see Table 3)[7]. 

In a λ_c-model the interpretation can be extended to functional types and λ-terms, 
namely: the type τ1 ⇀ τ2 is interpreted by [[τ2]]^{[[τ1]]}_T, while abstraction and application 
are interpreted as in Table 4. 

[7] We do not have to consider nonunary functions explicitly, because in a language with products 
they can be treated as unary functions from a product type. 
RULE      | SYNTAX                              | SEMANTICS
var       | x1: τ1, ..., xn: τn ⊢ xi: τi        | (semantics not legible in the scan)
let       | Γ ⊢ e1: τ1                          | = g1
          | Γ, x1: τ1 ⊢ e2: τ2                  | = g2
          | Γ ⊢ (let x1=e1 in e2): τ2           | = ⟨id_[[Γ]], g1⟩; t_{[[Γ]],[[τ1]]}; Tg2; μ_[[τ2]]
*         | Γ ⊢ *: 1                            | = !_[[Γ]]; η_1, where !_A is the only morphism from A to 1
⟨_,_⟩     | Γ ⊢ e1: τ1                          | = g1
          | Γ ⊢ e2: τ2                          | = g2
          | Γ ⊢ ⟨e1,e2⟩: τ1 × τ2                | (semantics not legible in the scan)
π_i       | Γ ⊢ e: τ1 × τ2                      | = g
          | Γ ⊢ π_i(e): τ_i                     | = g; T(π_i)

Table 3: Terms and their interpretation 

RULE | SYNTAX                          | SEMANTICS
λ    | Γ, x1: τ1 ⊢ e2: τ2              | = g
     | Γ ⊢ (λx1: τ1.e2): τ1 ⇀ τ2       | = Λ_{[[τ1]],[[τ2]],[[Γ]]}(g); η_[[τ1 ⇀ τ2]]
app  | Γ ⊢ e1: τ1                      | = g1
     | Γ ⊢ e: τ1 ⇀ τ2                  | = g
     | Γ ⊢ e(e1): τ2                   | = ⟨g, g1⟩; app_{[[τ1]],[[τ2]]}, where app_{A,B}: T(B^A_T) × TA → TB is ψ_{B^A_T,A}; T(eval_{A,B}); μ_B

Table 4: λ-terms and their interpretation 
3.1 Examples 

In this section we show a few general ways of constructing computational models from 
simpler ones. Each of them amounts to adding a new feature to computations. 

Example 3.6 Let (T, η, μ, t) be a cartesian computational model on a topos (for 
simplicity Set), then the following are cartesian computational models: 

• Let S be inhabited (i.e. 1 ≤ S), then the model (T_S, η^S, μ^S, t^S) of T-computations 
with side-effects in S is 

$T_S(\_) = T(\_ \times S)^S$ 

$\eta^S_A = \Lambda_{S,(A \times S),A}(\eta_{A \times S})$ 

$\mu^S_A = \Lambda_{S,(A \times S),(T_S^2 A)}(\mathrm{eval}_{S,(T_S A \times S)}; T(\mathrm{eval}_{S,(A \times S)}); \mu_{A \times S})$ 

$t^S_{A,B} = \Lambda_{S,(A \times S),(A \times T_S B)}(\alpha_{A,T_S B,S}; (\mathrm{id}_A \times \mathrm{eval}_{S,(B \times S)}); t_{A,B \times S}; T(\alpha^{-1}_{A,B,S}))$ 

• the model (T_E, η^E, μ^E, t^E) of T-computations with exceptions in E is 

$T_E(\_) = T(\_ + E)$ 

$\eta^E_A = \mathrm{in}_1; \eta_{A+E}$ 

$\mu^E_A = T([\mathrm{id}_{T(A+E)}, \mathrm{in}_2; \eta_{A+E}]); \mu_{A+E}$ 

$t^E_{A,B} = t_{A,B+E}; T(d_{A,B,E}; [\mathrm{id}_{(A \times B)}, \pi_2])$ 

where $A \xrightarrow{\mathrm{in}_1} A + B \xleftarrow{\mathrm{in}_2} B$ is a coproduct diagram, 

[f, g]: A + B → C is the mediating morphism of f: A → C and g: B → C, i.e. 
the unique h: A + B → C s.t. f = in_1; h and g = in_2; h, 

d_{A,B,C} is the natural isomorphism A × (B + C) → (A × B) + (A × C) expressing 
commutativity of coproducts w.r.t. products[8] 

These constructions provide basic building blocks, that can be combined together, 
for instance: 

• T_ES(_) = T((_ × S) + E)^S and T_SE(_) = T((_ + E) × S)^S combine side-effects 
and exceptions. In the former the store is lost when an exception is raised, 
while in the latter it is retained. 

• If T is the monad of R-continuations[9], i.e. T(_) = R^{R^{(_)}}, then the monad 
T_S(A) = R^{S × R^{(A × S)}} combines continuation and side-effects as done when giving 
the denotational semantics of imperative languages with goto. 

Monad-morphisms provide a simple tool for relating two computational models: 

Definition 3.7 

Given two cartesian computational models (T, η^T, μ^T, t^T) and (S, η^S, μ^S, t^S) over the 
same category, a monad-morphism from the first to the second model is a natural 
transformation σ: T → S s.t. (stated as commutative diagrams in the original): 

$\eta^T_A; \sigma_A = \eta^S_A$ 

$\mu^T_A; \sigma_A = \sigma^2_A; \mu^S_A$ 

$t^T_{A,B}; \sigma_{A \times B} = (\mathrm{id}_A \times \sigma_B); t^S_{A,B}$ 

where σ² is the horizontal composition, i.e. σ²_A = T(σ_A); σ_{SA} = σ_{TA}; S(σ_A). 

[8] which holds in cartesian closed categories, but not in general 

[9] It is not clear what properties R must have in order for the monad T to satisfy the equalizing 
requirement. Intuitively one expects that the category C must have enough R-observations, i.e. 
f = g ⟺ (∀h: B → R. f; h = g; h) for any f, g: A → B 

Example 3.8 For each of the computational model constructions defined above there 
is a monad morphism from T to it, namely: 

• σ^S: T → T_S is the natural transformation s.t. σ^S_A is Λ_{S,(A×S),TA}(t_{A,S}) 

• σ^E: T → T_E is the natural transformation s.t. σ^E_A is T(in_1), with in_1: A → A + E 

Monad-morphisms are not adequate for relating λ_c-models, because the natural 
transformation σ cannot be extended to functional types. Instead, one can use 
a notion of logical relation between λ_c-models (see [Mog88] for various notions of 
logical relation between λ_p-models). 
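As an added example (not from the paper), the exception construction T_E of Example 3.6 implemented over an arbitrary base monad, the monad morphism σ^E of Example 3.8 checked against the first two equations of Definition 3.7, and the difference between T_ES and T_SE (store lost versus store retained after an exception) made observable by running a store-incrementing step followed by a raise. The list monad as the base T, the tagged-pair encoding of A + E, the Kleisli-composition helpers for T_ES and T_SE and the sample programs are assumptions of this example; the strength t^E and the third morphism equation are not exercised here.

```python
# Added example (not from the paper): the "computations with exceptions"
# construction T_E(_) = T(_ + E) of Example 3.6 built over an arbitrary base
# monad T, the monad morphism sigma^E_A = T(in_1) of Example 3.8 checked
# against Definition 3.7, and the two combinations T_ES and T_SE of store
# and exceptions. Assumptions: a monad is a triple (fmap, eta, mu) of
# callables; the base monad is the list monad (ordered non-deterministic
# results); A + E is a tagged pair ("in1", a) / ("in2", e); all sample data
# is constructed here.

LIST = (lambda f: (lambda xs: [f(x) for x in xs]),        # T(f)
        lambda a: [a],                                     # eta_A
        lambda xss: [x for xs in xss for x in xs])         # mu_A

def in1(a):
    return ("in1", a)

def in2(e):
    return ("in2", e)

def case(f, g):
    # [f, g]: A + E -> C, the mediating morphism of the coproduct
    return lambda x: f(x[1]) if x[0] == "in1" else g(x[1])

def exceptions_over(T):
    """T_E with eta^E = in1; eta_{A+E} and mu^E = T([id, in2; eta_{A+E}]); mu_{A+E}."""
    fmap, eta, mu = T
    fmapE = lambda f: fmap(case(lambda a: in1(f(a)), in2))
    etaE = lambda a: eta(in1(a))
    muE = lambda xx: mu(fmap(case(lambda x: x, lambda e: eta(in2(e))))(xx))
    return (fmapE, etaE, muE)

def sigma_E(T):
    # sigma^E_A = T(in_1): TA -> T(A + E)
    return T[0](in1)

def monad_morphism_laws_hold(T=LIST):
    fmap, eta, mu = T
    fmapE, etaE, muE = exceptions_over(T)
    sigma = sigma_E(T)
    # eta_A; sigma_A = eta^E_A
    law1 = sigma(eta(7)) == etaE(7)
    # mu_A; sigma_A = sigma^2_A; mu^E_A  with sigma^2_A = T(sigma_A); sigma_{T_E A}
    xss = [[1, 2], [3]]
    law2 = sigma(mu(xss)) == muE(sigma(fmap(sigma)(xss)))
    return law1 and law2

def kleisli_ES(T, f, g):
    """Kleisli composition in T_ES(A) = T((A x S) + E)^S: an exception carries
    no store, so nothing after it can observe or continue the store."""
    fmap, eta, mu = T
    def composite(a):
        def run(s):
            step = case(lambda pair: g(pair[0])(pair[1]),   # (b, s') -> g b s'
                        lambda e: eta(in2(e)))
            return mu(fmap(step)(f(a)(s)))
        return run
    return composite

def kleisli_SE(T, f, g):
    """Kleisli composition in T_SE(A) = T((A + E) x S)^S: the store travels
    alongside the exception and is retained."""
    fmap, eta, mu = T
    def composite(a):
        def run(s):
            def step(pair):
                x, s1 = pair
                return case(lambda b: g(b)(s1), lambda e: eta((in2(e), s1)))(x)
            return mu(fmap(step)(f(a)(s)))
        return run
    return composite

def store_after_exception(T=LIST):
    fmap, eta, mu = T
    bump_ES = lambda a: (lambda s: eta(in1((a, s + 1))))   # increments the store
    fail_ES = lambda a: (lambda s: eta(in2("boom")))       # raises an exception
    bump_SE = lambda a: (lambda s: eta((in1(a), s + 1)))
    fail_SE = lambda a: (lambda s: eta((in2("boom"), s)))
    return {
        "ES": kleisli_ES(T, bump_ES, fail_ES)(0)(10),   # [("in2", "boom")]
        "SE": kleisli_SE(T, bump_SE, fail_SE)(0)(10),   # [(("in2", "boom"), 11)]
    }
```

Running the same "bump then raise" program in both combinations shows the difference the text states: in T_ES the exception is all that survives, while in T_SE the incremented store 11 is still attached to it.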



4 The λ_c-calculus 

In this section we present a formal system, the λ_c-calculus, based on many sorted 
intuitionistic logic with two atomic predicates, existence and equivalence. 

We claim that the formal system is sound and complete w.r.t. λ_c-models (over 
toposes). Soundness amounts to showing that the inference rules are admissible in 
any λ_c-model, while completeness amounts to showing that any λ_c-theory has an 
initial model (given by a term-model construction). 

The inference rules of the λ_c-calculus are for deriving sequents Γ.Δ ⊢ A, where Γ 
is a sequence of type assignments x: τ, Δ is a set of formulas and A is a formula s.t. 
the free variables FV(Δ, A) of Δ and A are included in the declared variables DV(Γ) 
of Γ. The intuitive meaning of Γ.Δ ⊢ A is: "for all variables in Γ, if all formulas in Δ 
are true, then A is true". We have intentionally left the set of formulas unspecified, 
since it depends on what class of models one is interested in. There is a minimal 
and maximal choice for the set of formulas: 

• if the language has to be interpreted in any λ_c-model, then only atomic 
formulas (including e = e': τ and e ↓ τ) are allowed 

• if the language has to be interpreted only in λ_c-models over a topos, then all 
higher order formulas are allowed. 
The inference rules are partitioned as follows: 

• general rules for (higher order) intuitionistic logic, where variables range over 
values, while terms denote computations (see Table 5 for the most relevant 
rules)[10] 

• the basic inference rules for computational models (see Table 6) 

• the inference rules for product types (see Table 7) 

• the inference rules for functional types (see Table 8) 

Remark 4.1 A comparison among λ_c-, λ_v- and λ_p-calculus shows that: 

• the λ_v-calculus proves less equivalences between λ-terms, e.g. (λx.x)(yz) = 
(yz) is provable in the λ_c- but not in the λ_v-calculus 

• the λ_p-calculus proves more equivalences between λ-terms, e.g. (λx.yz)(yz) = 
(yz) is provable in the λ_p- but not in the λ_c-calculus, because y can be a 
procedure, which modifies the store (e.g. by increasing the value contained in 
a local static variable) each time it is executed. 

• a λ-term e has a value in the λ_c-calculus, i.e. e is provably equivalent to some 
value (either a variable or a λ-abstraction), iff e has a value in the λ_v-calculus 
(λ_p-calculus) 

5 Untyped λ_c-models 

It is well-known that a categorical model for the untyped λ-calculus is a reflexive 
object D^D ≅ D in a cartesian closed category (see [Sco80, Bar82]). In a λ_c-model 
there are two analogs for a reflexive object: V^V_T ≅ V and N^{TN}_T ≅ N (see [Ong88] 
for similar definitions in the context of partial cartesian closed categories). 

In the first case we have a model of call-by-value. In fact the elements of V 
correspond to functions from values to computations (as V^V_T stands for (TV)^V), and 
therefore an element can be applied to a computation e only after e has been 
evaluated. In the second case we have a model of call-by-name, since the elements of N 
correspond to functions from computations to computations. 

The call-by-value and call-by-name interpretations are defined by induction on 
the derivation of the untyped λ-term x1, ..., xn ⊢ e (with let): 

• Let G: V^V_T → V be an isomorphism with inverse F, then the call-by-value 
interpretation of x1, ..., xn ⊢ e is a morphism from V^n to TV (see Table 9), 
because free variables range over values. 

[10] The general rules of sequent calculus (in [Sza69]), more precisely those for substitution and 
quantifiers, have to be modified slightly, because variables range over values. These modifications 
are similar to those introduced in the logic of partial terms (see Section 2.4 in [Mog88]). 
We write A[x:= e] for the substitution of x with e in A. 

E.x      (rule not legible in the scan) 

subst    Γ.Δ ⊢ e ↓ τ    Γ, x: τ.Δ ⊢ A 
         ------------------------------ 
         Γ.Δ ⊢ A[x:= e] 

         = is an equivalence relation 

congr    Γ.Δ ⊢ e1 = e2: τ    Γ.Δ ⊢ A[x:= e1] 
         ------------------------------------ 
         Γ.Δ ⊢ A[x:= e2] 

Table 5: General rules 



We write (let x⃗=e⃗ in e) for (let x1=e1 in (... (let xn=en in e) ...)), where n is the length 
of the sequence x⃗ (and e⃗). In particular, (let ∅=∅ in e) stands for e. 

id       Γ.Δ ⊢ (let x=e in x) = e: τ 

comp     Γ.Δ ⊢ (let x2=(let x1=e1 in e2) in e) = (let x1=e1 in (let x2=e2 in e)): τ     x1 ∉ FV(e) 

         Γ.Δ ⊢ e1 = e1': τ    Γ, x: τ.Δ ⊢ e2 = e2': τ' 
         --------------------------------------------- 
         Γ.Δ ⊢ (let x=e1 in e2) = (let x=e1' in e2'): τ' 

let.β    Γ.Δ ⊢ (let x1=x2 in e) = e[x1:= x2]: τ 

let.f    Γ.Δ ⊢ f(e) = (let x=e in f(x)): τ 

E.[]     Γ.Δ ⊢ [e] ↓ Tτ 

         Γ.Δ ⊢ e = e': τ 
         -------------------- 
         Γ.Δ ⊢ [e] = [e']: Tτ 

let.μ    Γ.Δ ⊢ μ(e) = (let x=e in μ(x)): τ 

T.β      Γ.Δ ⊢ μ([e]) = e: τ 

         Γ.Δ ⊢ [μ(x)] = x: Tτ 

Γ.Δ ⊢ e ↓ τ and Γ.Δ ⊢ [e] = (let x=e in [x]): τ are interderivable 

Table 6: rules for let and computational types 
E.*       Γ.Δ ⊢ * ↓ 1 

1.η       Γ.Δ ⊢ * = x: 1 

E.⟨⟩      Γ.Δ ⊢ ⟨x1,x2⟩ ↓ τ1 × τ2 

let.⟨⟩    Γ.Δ ⊢ ⟨e1,e2⟩ = (let x1,x2=e1,e2 in ⟨x1,x2⟩): τ1 × τ2 

E.π_i     Γ.Δ ⊢ π_i(x) ↓ τ_i 

let.π_i   Γ.Δ ⊢ π_i(⟨e1,e2⟩) = (let x1,x2=e1,e2 in π_i(⟨x1,x2⟩)): τ_i 

          Γ.Δ ⊢ π_i(⟨x1,x2⟩) = x_i: τ_i 

          Γ.Δ ⊢ ⟨π1(x), π2(x)⟩ = x: τ1 × τ2 

Table 7: rules for unit and product types 



            $\Gamma, x{:}\tau.\Delta \vdash e = e' : \tau'$
            ------------------------------------------
            $\Gamma.\Delta \vdash (\lambda x{:}\tau.e) = (\lambda x{:}\tau.e') : \tau \to \tau'$

  E.λ       $\Gamma.\Delta \vdash (\lambda x{:}\tau_1.e) \downarrow \tau_1 \to \tau_2$

  let.app   $\Gamma.\Delta \vdash e(e_1) = (\mathrm{let}\ x, x_1{=}e, e_1\ \mathrm{in}\ x(x_1)) : \tau_2$

            $\Gamma.\Delta \vdash (\lambda x_1{:}\tau_1.e_2)(x_1) = e_2 : \tau_2$

            $\Gamma.\Delta \vdash (\lambda x_1{:}\tau_1.x(x_1)) = x : \tau_1 \to \tau_2$

Table 8: rules for functional types






Application call-by-value $\mathit{app}_v\colon TV \times TV \to TV$ is strict in both arguments: 

$\mathit{app}_v = \psi_{V,V};\ T((F \times \mathrm{id}_V); \mathit{eval}_{V,V});\ \mu_V$



• Let $G\colon \_ \to N$ be an isomorphism with inverse $F$, then the call-by-name 
interpretation of $x_1, \ldots, x_n \vdash e$ is a morphism from $(TN)^n$ to $TN$ (see Table 10), 
because free variables range over computations. 

Application call-by-name $\mathit{app}_n\colon TN \times TN \to TN$ is strict in the first argument 
but lazy on the second: 

$\mathit{app}_n = c_{TN,TN};\ t_{TN,N};\ T(c_{TN,N});\ T((F \times \mathrm{id}_{TN}); \mathit{eval});\ \mu_N$



Remark 5.1 In call-by-value $(\mathrm{let}\ x{=}e\ \mathrm{in}\ e')$ is equivalent to $(\lambda x.e')(e)$, but in call-
by-name there is no way of expressing $(\mathrm{let}\ x{=}e\ \mathrm{in}\ e')$ in terms of application and 
abstraction only, because $e$ is evaluated before binding its value to $x$ (see [Ong88] 
for an analysis of call-by-name for partial computations). 
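The call-by-value and call-by-name interpretations of Tables 9 and 10, together with the difference noted in Remark 5.1, as an added example in Python that is not part of the paper. $TA$ is modelled as a pair (a value, or FAIL for the undefined computation, plus a log of effects); `unit` and `bind` are the monad operations, while `trace` and `fail` are hypothetical constants, not from the paper, added so that the strictness of $\mathit{app}_v$ and $\mathit{app}_n$ becomes observable.

```python
FAIL = object()                 # the undefined computation (partiality)

def unit(a): return (a, [])     # eta_A : A -> T A, no effects
def bind(m, f):                 # Kleisli extension: m : T A, f : A -> T B
    a, log = m
    if a is FAIL: return m      # a failed computation stays failed
    b, log2 = f(a)
    return (b, log + log2)      # effects of m happen before those of f(a)

# Untyped terms as nested tuples; trace/fail are hypothetical constants.
def var(x): return ("var", x)
def lam(x, e): return ("lam", x, e)
def app(e, e1): return ("app", e, e1)
def let(x, e1, e2): return ("let", x, e1, e2)
def trace(tag): return ("trace", tag)   # logs `tag`, returns a dummy value
def fail(): return ("fail",)            # the computation that never returns

def eval_v(t, env):             # Table 9: env maps variables to values
    k = t[0]
    if k == "var": return unit(env[t[1]])
    if k == "trace": return (None, [t[1]])
    if k == "fail": return (FAIL, [])
    if k == "lam": return unit(lambda v: eval_v(t[2], {**env, t[1]: v}))
    if k == "let":
        return bind(eval_v(t[2], env), lambda v: eval_v(t[3], {**env, t[1]: v}))
    # app_v is strict in both arguments: the argument is forced before the call
    return bind(eval_v(t[1], env), lambda f: bind(eval_v(t[2], env), f))

def eval_n(t, env):             # Table 10: env maps variables to computations
    k = t[0]
    if k == "var": return env[t[1]]
    if k == "trace": return (None, [t[1]])
    if k == "fail": return (FAIL, [])
    if k == "lam": return unit(lambda c: eval_n(t[2], {**env, t[1]: c}))
    if k == "let":              # let forces e1, then rebinds x to the trivial computation
        return bind(eval_n(t[2], env), lambda n: eval_n(t[3], {**env, t[1]: unit(n)}))
    # app_n is strict in the function but lazy in the argument: it is passed
    # as a computation whose effects only happen if the body binds it
    return bind(eval_n(t[1], env), lambda f: f(eval_n(t[2], env)))

def logs(term):                 # effect logs of a closed term under both interpretations
    return eval_v(term, {})[1], eval_n(term, {})[1]

# Remark 5.1 with e = trace("e") and x unused in e' = (λz.z):
LET_FORM = let("x", trace("e"), lam("z", var("z")))         # (let x=e in e')
APP_FORM = app(lam("x", lam("z", var("z"))), trace("e"))    # (λx.e')(e)
```

Under both interpretations `logs(LET_FORM)` records the effect of `e`, whereas `logs(APP_FORM)` records it only in call-by-value; replacing `trace("e")` by `fail()` shows the same split for the undefined computation.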

We think that it is desirable (and very natural) for a programming language to 
have a let, which forces evaluation of an expression. We conjecture that the $\lambda\beta$-
calculus (i.e. Plotkin's call-by-name $\lambda$-calculus) proves exactly those equivalences 
between untyped $\lambda$-terms without let that are true in any model of call-by-name 



6 Reduction 

The syntactic aspects of the $\lambda_c$-calculus can be studied according to the same pattern 
used for the $\lambda$-calculus and the $\lambda_v$-calculus (see Chapter 3 of [Bar84] and [Plo75]). 
For simplicity we consider only untyped $\lambda$-terms with let-constructor. 

In order to define the notions of reduction we need to distinguish between two 
kinds of terms: values and nonvalues. The notion of value is that introduced in 
[Plo75] and gives a sufficient (syntactic) criterion for a term to denote a value. 

Definition 6.1 (Basics) 

• Terms, Values and NonValues are the sets defined by the following BNFs: 

  $e \in \mathit{Terms} ::= v \mid nv$

  $v \in \mathit{Values} ::= x \mid (\lambda x.e)$
  $nv \in \mathit{NonValues} ::= (\mathrm{let}\ x{=}e\ \mathrm{in}\ e') \mid e(e')$

• A binary relation $\to$ over Terms is compatible iff 

  for all $M \to N$ and $P \in \mathit{Terms}$ 
11 This is obviously true if we allow $N^{TN} < N$. 
RULE   SYNTAX                                                SEMANTICS

var    $x_1, \ldots, x_n \vdash x_i$                            $= \pi^n_i; \eta_V$

let    $\bar x \vdash e_1$                                       $= g_1$
       $\bar x, x \vdash e_2$                                    $= g_2$
       $\bar x \vdash (\mathrm{let}\ x{=}e_1\ \mathrm{in}\ e_2)$     $= \langle \mathrm{id}_{V^n}, g_1 \rangle; t_{V^n,V}; Tg_2; \mu_V$

λ      $\bar x, x \vdash e$                                      $= g$
       $\bar x \vdash (\lambda x.e)$                             $= \Lambda_{V,V,V^n}(g); G; \eta_V$

app    $\bar x \vdash e_1$                                       $= g_1$
       $\bar x \vdash e$                                         $= g$
       $\bar x \vdash e(e_1)$                                    $= \langle g, g_1 \rangle; \mathit{app}_v$

Table 9: call-by-value interpretation 



RULE   SYNTAX                                                SEMANTICS

var    $x_1, \ldots, x_n \vdash x_i$

let    $\bar x \vdash e_1$                                       $= g_1$
       $\bar x, x \vdash e_2$                                    $= g_2$
       $\bar x \vdash (\mathrm{let}\ x{=}e_1\ \mathrm{in}\ e_2)$     $= \langle \mathrm{id}_{(TN)^n}, g_1 \rangle; t_{(TN)^n,N}; T(\mathrm{id}_{(TN)^n} \times \eta_N); Tg_2; \mu_N$

λ      $\bar x, x \vdash e$                                      $= g$
       $\bar x \vdash (\lambda x.e)$                             $= \Lambda_{TN,N,(TN)^n}(g); G; \eta_N$

app    $\bar x \vdash e_1$                                       $= g_1$
       $\bar x \vdash e$                                         $= g$
       $\bar x \vdash e(e_1)$                                    $= \langle g, g_1 \rangle; \mathit{app}_n$

Table 10: call-by-name interpretation 
  – $(\lambda x.M) \to (\lambda x.N)$ 

  – $M(P) \to N(P)$ and $P(M) \to P(N)$ 

  – $(\mathrm{let}\ x{=}M\ \mathrm{in}\ P) \to (\mathrm{let}\ x{=}N\ \mathrm{in}\ P)$ and $(\mathrm{let}\ x{=}P\ \mathrm{in}\ M) \to (\mathrm{let}\ x{=}P\ \mathrm{in}\ N)$ 

• a notion of reduction $R$, i.e. a binary relation over Terms, induces the 
following binary relations over Terms: 

  – one-step $R$-reduction $\to_R$, i.e. the compatible closure of $R$ 

  – $R$-reduction $\Rightarrow_R$, i.e. the reflexive and transitive closure of $\to_R$ 

  – $R$-convertibility, i.e. the symmetric and transitive closure of $\Rightarrow_R$ 

We introduce three notions of reduction: let, $\beta_v$ and $\eta_v$. The notion $\beta_v$ was 
first introduced in [Plo75] as the call-by-value analog of $\beta$, while let is a new notion, 
which gives the $\lambda_c$-calculus extra power w.r.t. the $\lambda_v$-calculus. 

Definition 6.2 (Notions of reduction) 

• $\beta_v$ is the notion of reduction $>$ s.t. $(\lambda x.e)v > e[x{:=}v]$ 

• $\eta_v$ is the notion of reduction $>$ s.t. $(\lambda x.v(x)) > v$ if $x \notin FV(v)$ 

• let is the notion of reduction $>$ defined by the following clauses: 

  id      $(\mathrm{let}\ x{=}e\ \mathrm{in}\ x) > e$ 

  comp    $(\mathrm{let}\ x_2{=}(\mathrm{let}\ x_1{=}e_1\ \mathrm{in}\ e_2)\ \mathrm{in}\ e) > (\mathrm{let}\ x_1{=}e_1\ \mathrm{in}\ (\mathrm{let}\ x_2{=}e_2\ \mathrm{in}\ e))$ 

  let.v   $(\mathrm{let}\ x{=}v\ \mathrm{in}\ e) > e[x{:=}v]$ 

  let.1   $nv(e) > (\mathrm{let}\ x{=}nv\ \mathrm{in}\ x(e))$ 

  let.2   $v(nv) > (\mathrm{let}\ x{=}nv\ \mathrm{in}\ v(x))$ 

Remark 6.3 The last two clauses of let together with $\beta_v$ provide mutually exclusive 
clauses for reducing an application $e_1(e_2)$, namely: 

• if $e_1 \in \mathit{NonValues}$, then $e_1(e_2) > (\mathrm{let}\ x{=}e_1\ \mathrm{in}\ x(e_2))$ by let.1 

• else if $e_2 \in \mathit{NonValues}$, then $e_1(e_2) > (\mathrm{let}\ x{=}e_2\ \mathrm{in}\ e_1(x))$ by let.2 

• else if $e_1$ is $(\lambda x.e)$, then $e_1(e_2) > e[x{:=}e_2]$ by $\beta_v$ 

• else we can only try to reduce the subterm $e_2$ 

The clause let.2 is particularly important in conjunction with $\beta_v$, since it reduces a 
$\beta$-redex $(\lambda x.e)(nv)$, which is not a $\beta_v$-redex, to a $\beta_v$-redex in the body of a let. 

Example 6.4 We show how let and $\beta_v$ combined together reduce $(\lambda x.x)(yz)$ to $(yz)$, 
while $\beta_v$ alone cannot: 

• $(\lambda x.x)(yz) > (\mathrm{let}\ x{=}(yz)\ \mathrm{in}\ (\lambda x.x)(x))$ by let.2 

• $(\mathrm{let}\ x{=}(yz)\ \mathrm{in}\ (\lambda x.x)(x)) > (\mathrm{let}\ x{=}(yz)\ \mathrm{in}\ x)$ by $\beta_v$ 

• $(\mathrm{let}\ x{=}(yz)\ \mathrm{in}\ x) > (yz)$ by id 
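The notions of reduction of Definition 6.2, applied in the order of Remark 6.3 and run on Example 6.4, as an added Python example that is not part of the paper. Terms are nested tuples; bound variables are assumed distinct from all free ones (so substitution never renames and instead refuses to capture), and the binders introduced by let.1 and let.2 are fresh names `_1`, `_2`, ..., a choice of this example only.

```python
def fresh(n=[0]): n[0] += 1; return "_%d" % n[0]   # binders for let.1 / let.2
def var(x): return ("var", x)
def lam(x, e): return ("lam", x, e)
def app(e, e1): return ("app", e, e1)
def let(x, e1, e2): return ("let", x, e1, e2)
def is_value(t): return t[0] in ("var", "lam")    # Values ::= x | (λx.e)
def fv(t):                                        # free variables of t
    if t[0] == "var": return {t[1]}
    if t[0] == "app": return fv(t[1]) | fv(t[2])
    return (fv(t[2]) if t[0] == "let" else set()) | (fv(t[-1]) - {t[1]})
def subst(t, x, v):                               # t[x := v] for a value v
    if t[0] == "var": return v if t[1] == x else t
    if t[0] == "app": return app(subst(t[1], x, v), subst(t[2], x, v))
    y, body = t[1], t[-1]                         # binder and scope of lam / let
    if y != x:
        assert y not in fv(v), "capture: rename bound variables first"
        body = subst(body, x, v)
    return lam(y, body) if t[0] == "lam" else let(y, subst(t[2], x, v), body)

def step(t):    # root reduction by let, beta_v or eta_v, in the order of Remark 6.3
    k = t[0]
    if k == "app":
        f, a = t[1], t[2]
        if not is_value(f): x = fresh(); return let(x, f, app(var(x), a))   # let.1
        if not is_value(a): x = fresh(); return let(x, a, app(f, var(x)))   # let.2
        if f[0] == "lam": return subst(f[2], f[1], a)                        # beta_v
    elif k == "let":
        x, e1, e2 = t[1], t[2], t[3]
        if e2 == var(x): return e1                                           # id
        if is_value(e1): return subst(e2, x, e1)                             # let.v
        if e1[0] == "let" and e1[1] not in fv(e2):                           # comp
            return let(e1[1], e1[2], let(x, e1[3], e2))
    elif k == "lam" and t[2][0] == "app" and t[2][2] == var(t[1]) \
            and is_value(t[2][1]) and t[1] not in fv(t[2][1]): return t[2][1]  # eta_v
    return None

def reduce_once(t):                               # one step of the compatible closure
    if (r := step(t)) is not None: return r
    for i in range(1, len(t)):                    # else leftmost reducible subterm
        if isinstance(t[i], tuple) and (r := reduce_once(t[i])) is not None:
            return t[:i] + (r,) + t[i + 1:]
    return None

def normalize(t, limit=10000):                    # untyped terms need not terminate
    for _ in range(limit):
        if (r := reduce_once(t)) is None: return t
        t = r
    raise RuntimeError("no normal form within %d steps" % limit)
EXAMPLE_6_4 = app(lam("x", var("x")), app(var("y"), var("z")))   # (λx.x)(y z)
```

`normalize(EXAMPLE_6_4)` returns `app(var("y"), var("z"))`, taking exactly the let.2, $\beta_v$ and id steps of Example 6.4; the results of `normalize` on arbitrary terms have the shape of the let$\beta_v\eta_v$-normal forms of Proposition 6.5.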

It is easy to give a syntactic characterization of let- and let$\beta_v$-normal forms: 

Proposition 6.5 The set NF of let-normal forms is given by the following BNFs: 

  $e \in \mathit{NF} ::= v \mid v_1(v_2) \mid (\mathrm{let}\ x{=}v_1(v_2)\ \mathrm{in}\ e)$   provided $e$ is not $x$ 

  $v \in \mathit{NFValues} ::= x \mid (\lambda x.e)$ 

while the set $\beta_v$NF of let$\beta_v$-normal forms is given by the following BNFs: 

  $e \in \beta_v\mathit{NF} ::= v \mid x_1(v_2) \mid (\mathrm{let}\ x{=}x_1(v_2)\ \mathrm{in}\ e)$   provided $e$ is not $x$ 

  $v \in \beta_v\mathit{NFValues} ::= x \mid (\lambda x.e)$ 

The following lemma is the basis for characterizing equivalence and existence in 
the $\lambda_c$-calculus in terms of reduction. 

Lemma 6.6 (Normalization and Commutativity) 

• let-reduction is normalizing, i.e. every term reduces to a let-normal form. 

• let-, $\beta_v$- and $\eta_v$-reduction commute with each other, i.e. if $M \Rightarrow_R M_1$ and 
$M \Rightarrow_S M_2$, then there exists $M'$ s.t. $M_1 \Rightarrow_S M'$ and $M_2 \Rightarrow_R M'$, where $R$ and 
$S$ can be let, $\beta_v$ or $\eta_v$. 

• $\eta_v$-reduction can be postponed after let- and $\beta_v$-reduction, i.e. if $M \Rightarrow_{\eta_v} N$ and 
$N \Rightarrow_R Q$, then there exists $P$ s.t. $M \Rightarrow_R P$ and $P \Rightarrow_{\eta_v} Q$, where $R$ can be 
either let or $\beta_v$. 

Remark 6.7 Since let-conversion is decidable, one could consider terms up to let-
conversion, and define $\beta_v$ and $\eta_v$ as notions of reduction on NF (the set of let-normal 
forms). 

The study of equational presentation and reduction for the $\lambda_p$-calculus in Chap-
ters 7 and 8 of [Mog88] is far more complicated than here, because a proper analog 
of let-reduction is lacking (although there is an analog of let-conversion). We think 
that these complications are due to the non-equational axiomatization of partial 
computations in the $\lambda_p$-calculus, in particular the axiom saying that two partial 
computations $e_1$ and $e_2$ are equivalent iff $(e_1{\downarrow} \vee e_2{\downarrow}) \to (e_1 = e_2)$. 

Theorem 6.8 (Syntactic characterization of $\lambda_c$-calculus) 

• two terms are provably equivalent in the $\lambda_c$-calculus iff 
they let$\beta_v\eta_v$-reduce to a common term 

• a term can be proved to exist in the $\lambda_c$-calculus iff 
it let$\beta_v\eta_v$-reduces to a value. 
7 Conclusions and further research 



In this paper we have presented an abstract approach to computations (based on 
category theory), which achieves the following objectives: 

• it provides a general framework for reasoning about programs, rather than a 
collection of similar, but not clearly related, calculi based on an operational 
(or denotational) semantics; 

• it improves calculi inspired by operational semantics (like the $\lambda_v$-calculus), by 
deriving more correct equivalences between programs. 

A comparison between the categorical semantics of computations and that of 
linear logic based on monoidal closed categories (see [See87]) shows that they lead to 
orthogonal (and compatible) modifications of the notion of cartesian closed category. 
In fact, in the former the monad $\mathrm{Id}_{\mathcal C}$ is replaced by another monad $T$, while in the 
latter the cartesian product $\times$ is replaced by a tensor product $\otimes$. In our opinion 
this means that proof and program are rather unrelated notions, although both of 
them can be understood in terms of functions. Moreover, we expect categorical 
datatypes suggested by logic to provide a more fine-grained type system (e.g. the 
only procedures of a linear functional type are those where the formal parameter 
is used exactly once), but without changing the qualitative nature of computations 
(e.g. partial, nondeterministic, and so on), which is given by $T$. A different view is 
suggested in [Gir88], based on the paradigm "proofs as actions". 

The $\lambda_c$-calculus opens the possibility of studying axiomatically specific notions of 
computation, e.g. nondeterminism and parallelism, and their relations. For instance, 
an investigation of the relation between direct and continuation semantics might be 
carried out in full generality, without any commitment to a specific language. In 
the $\lambda_c$-calculus there is a very simple (and natural) definition of equality, namely 
$e_1 = e_2$ iff both $e_1$ and $e_2$ exist and they are equivalent, which can be safely used at 
compile time to check whether two program units share a common component, as 
required for checking a sharing constraint in ML (see [HMT87]); up to now 
the correctness of such a type-check has had to be proved by looking at the details of the 
operational semantics. 